Privacy Policy

Stakeholder View for Jira • Last updated: March 30, 2026

This Privacy Policy describes how Ivars Apps (Luis Ivars Unipessoal Lda) ("we", "us", "our") handles data in connection with the Stakeholder View for Jira application ("the App"), available on the Atlassian Marketplace.

1. What Data the App Accesses

The App reads the following data from your Atlassian Jira instance to generate stakeholder views:

• Jira issues (summary, status, priority, assignee display name, due dates, issue type)
• Jira epics (summary, status, progress, due dates)
• Jira sprints (name, dates, goals, state)
• Jira boards (name, type)
• Jira project metadata (project key, name)
• Current user identity (display name, for configuration tracking)

2. How Data is Processed

All data processing occurs entirely within the Atlassian Forge platform. The App:

• Runs in Atlassian's sandboxed Forge environment (server-side)
• Renders configuration UI in a sandboxed iframe (client-side, within Jira)
• Renders public stakeholder views via Forge Webtrigger (server-side HTML generation)
• Does NOT transmit any data to external servers
• Does NOT use third-party analytics, tracking, or advertising services
• Does NOT collect, store, or process user credentials or API tokens

3. Public Stakeholder Views

The App generates shareable URLs ("magic links") that display a read-only view of selected project data. These views:

• Are generated server-side using Forge Webtrigger — data is fetched and rendered within Atlassian infrastructure
• Only display data that the project manager has explicitly configured to be visible
• Do NOT expose assignee email addresses, internal comments, or attachments
• Are protected by unique, revocable tokens with optional expiry dates
• Can be revoked at any time by the project manager

4. Data Storage

The App stores configuration and access control data using Atlassian Forge Storage, which is hosted and encrypted by Atlassian within your tenant's infrastructure:

• Project view configuration (which data sections to display, custom titles, branding)
• Magic link tokens (random identifiers, creation date, expiry, access count)
• RAG status and dimension settings

No issue data or report content is permanently stored. Stakeholder views are generated on-demand from live Jira data and are not cached.

5. Data Sharing

We do NOT share, sell, rent, or disclose any of your data to third parties. The App has no sub-processors.

When a project manager shares a magic link with an external stakeholder, only the data explicitly configured by the PM is visible in the rendered view. The stakeholder does not gain access to Jira or any data beyond what is shown.

6. Data Retention and Deletion

When the App is uninstalled from your Atlassian site, data stored in Forge Storage is soft deleted and retained by Atlassian according to Forge-hosted storage lifecycle policies before permanent deletion.

Forge-hosted storage is not automatically restored on reinstallation. Where Atlassian's recovery window applies, data may be recoverable for a limited period through Atlassian support workflows.

7. Data Residency

The App runs on Atlassian Forge infrastructure and follows your Atlassian tenant's data residency configuration. We do not independently store or transfer data to any specific geographic region.

8. GDPR Compliance

We act as a Data Processor under the General Data Protection Regulation (GDPR). Atlassian acts as the infrastructure provider. Your organization remains the Data Controller.

• The App processes personal data only as necessary to generate stakeholder views (display names, assignee information)
• No personal data is stored beyond the minimal configuration described above
• Data subject access requests (DSAR) should be directed to your Atlassian site administrator

9. Security

• All data at rest in Forge Storage is encrypted by Atlassian
• All communication occurs over HTTPS
• The App uses api.asUser() for configuration and api.asApp() for public view rendering, ensuring proper permission scoping
• Magic link tokens are randomly generated and stored securely in Forge Storage
• No credentials or secrets are stored in the App
• The App requests only the minimum Forge scopes necessary for functionality

10. Children's Privacy

The App is designed for business use within Atlassian products and is not intended for use by children under 16.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance.

12. Contact

For questions about this Privacy Policy or data handling practices, contact us at:

• Email: luisivars@luisivars.pt
• Company: Ivars Apps (Luis Ivars Unipessoal Lda)
• Country: Portugal